6 matches found
EUVD-2022-7411
Malicious code in bioql PyPI...
CVE-2022-41925
A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the...
Design/Logic Flaw
A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the...
CVE-2022-41925 Tailscale daemon is vulnerable to information disclosure via CSRF
A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the...
CVE-2022-41925
The CVE affects all Tailscale clients prior to v1.32.3. A DNS rebinding flaw in the peer API allows a malicious website to rebind the node’s DNS to attacker-controlled resolvers, enabling the attacker to issue peer API requests and read environment variables (including credentials/secrets such as...
PT-2022-26155 · Tailscale · Tailscale Client
Name of the Vulnerable Software and Affected Versions: Tailscale client versions prior to v1.32.3
Description: A vulnerability in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. The peer API was vulnerable t...